Difference between revisions of "1.0 Release Notes"
From GCube System
Manuele.simi (Talk | contribs) (→Changes Related to the gHN) |
|||
| Line 14: | Line 14: | ||
:::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | :::* <code>trustedGHNSynchInterval</code> indicates how often the gHN refreshes the list the gHNs it can trust (in seconds). | ||
| − | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is enabled and configured to load the host | + | ::* In a secure distribution, the ''security descriptor'' of the gHN in <code>$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xml</code> is enabled and configured to load the host credentials. These '''must''' be configured as follows: |
| − | ::* | + | :::* the host key in <code>/etc/grid-security/containerkey.pem</code>; |
| − | + | :::* the host certificate in <code>/etc/grid-security/containercert.pem</code. | |
| − | :::* <code>/etc/grid-security/containercert.pem</code | + | |
::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. | ::* the environment variable <code>X509_USER_PROXY</code> is now used to contact the container from outside the process. In a secure distribution, It '''must''' contain a valid proxy certificate accepted by the container. | ||
Latest revision as of 19:06, 4 February 2010
gCore 1.0 introduces the following changes:
Changes Related to the gHN
- distribution: there are now two distributions of the gHN, the standard distribution and the secure distribution. The secure distribution extends the standard distribution with:
- a
Delegationservice that provides delegated credentials to locally deployed services. - a
Securitylibrary that supports authentication and authorisation of gCube calls as well as policy management. - a
gcore-stop-containerscript that shutdowns a secure container.
- a
- configuration: a set of new configuration setting is available.
- the
GHNConfig.xmlhas been extended with two additional configuration parameters:
-
allowedScopeslists the VOs that the gHN is allowed to join. -
trustedGHNSynchIntervalindicates how often the gHN refreshes the list the gHNs it can trust (in seconds).
-
- the
- In a secure distribution, the security descriptor of the gHN in
$GLOBUS_LOCATION/etc/globus_wsrf_core/global_security_descriptor.xmlis enabled and configured to load the host credentials. These must be configured as follows:
- In a secure distribution, the security descriptor of the gHN in
- the host key in
/etc/grid-security/containerkey.pem; - the host certificate in
/etc/grid-security/containercert.pem</code.
- the host key in
- the environment variable <code>X509_USER_PROXY is now used to contact the container from outside the process. In a secure distribution, It must contain a valid proxy certificate accepted by the container.
-
START_OPTIONShas been renamed toGCORE_START_OPTIONS. It can be now either set in the external environment or in thegcore-start-containerscript.
-
Changes Related to Services
None
Changes Related to the Documentation
- new/revised sections in the Administrator's Guide.
- the Configuration Section now illustrates the setup of a secure gHN.
